When we consider risk in the context of primary healthcare services, most often we think of clinical risks associated with the services we provide as well as other obvious areas such as business interruptions due to unforeseen or rare events like floods, fires, (pandemics!) and other natural events or cyber incidents. We analyse and assess these risks in terms of their likelihood and impact to determine whether such risks are low, medium, high or extreme. In accordance with the risk scores, we then seek to implement strategies and remediations to either reduce the likelihood of events happening, or their impact if they do – or both.
Such determinations broadly describe a risk management, treatment and mitigation plan and with regular review, audit and updates, will go a long way to reducing risks.
Managing common risks in healthcare certainly underpins accreditation requirements for the RACGP Standards for General Practices as well as the NSQHS Standards in seeking to drive the delivery of safe and effective healthcare services and the tenets of risk reduction and quality improvement are at the heart of every criterion and indicator.
In that sense, risk can’t be viewed as a component of business operations, but as a central requirement underpinning everything we do. It is often only when adversity strikes, unfortunately, that risk is better understood and decisive action taken to address underlying vulnerabilities. A good example of this is businesses only investing in robust cybersecurity systems once ransomware has struck and seriously disrupted a business.
So, how can health care businesses manage risk effectively, continuously and without taking up all your management hours? Here are some suggestions that when implemented together will significantly boost your organisation’s capacity to manage risks well.
Embed a culture of risk recognition, prevention, awareness & disclosure
From the moment new staff join your organisation, ensure risk is on the agenda, encouraging all staff to take responsibility for recognising, preventing, monitoring and disclosing risks as well as developing minimisation strategies. Such risks include near misses, adverse events, opportunities for clinical and non-clinical improvements, scope of practice & competency, codes of practice, compliance with legal and accreditation requirements, cybersecurity & data management, privacy and confidentiality, informed consent, infection prevention and control, vaccine cold chain processes, emergency response planning, work health & safety and medication management;
Described in position descriptions
At regular staff meetings
Demonstrated by all staff and especially by leaders
Assessed as part of staff performance/feedback
Using the appropriate accreditation framework(s) for your type of healthcare service will provide you with an excellent foundation for managing risks well.
Australian Open Disclosure Framework
The Australian Open Disclosure Framework describes the systems and processes to enable health care organisations and clinicians to communicate in an open and transparent manner when services have not gone to plan. Specific resources are available to support smaller practices to implement the Framework and is described in Criterion QI3.2 | Open Disclosure in the RACGP 5th Edition Standards for General Practice and the Australian Commission on Safety an Quality in Health Care NSQHS Standards
The key components of this Framework are;
Detecting and assessing incidents
Signalling the need for open disclosure
Preparing for open disclosure discussions
Engaging in open disclosure
Completing the process
Maintain a risk register and keep it updated
Use a SIMPLE risk register that is easy to populate and keep updated. We can help you with such a risk management tool that includes about 50 common risks in health care to get you started. Using a simple scoring methodology, easily identify your high-risk areas and develop your response strategies accordingly. This register will also enable you to review risks regularly and identify trends; whether risks are increasing, stable or decreasing.
Share the register with your team and obtain their input!
A key strategy to mitigate and treat risks includes insurances for critical components of your services and the following should be included in your annual reviews;
Building and contents
Business Interruption (including cybersecurity)
Professional indemnity (clinicians)
Practice insurance (clinic employees)
Risk Appetite, Tolerance
Are you ready to take risk management to the next level? Then considering your practice's risk appetite and tolerances can bring about an even higher appreciation of risks and where you are comfortable 'playing'.
Risk appetite can be described as an organisation’s qualitative attitude to risk and willingness to accept a certain amount of risk to achieve its goals and is commonly described as a range from ‘low’ to ‘high’.
Healthcare organisations rightfully focus strongly on minimising clinical risks and can usually be described as having 'low risk appetite' given that adverse clinical outcomes can be catastrophic for patients and the organisation.
Tolerance is a more quantitative descriptor for acceptability of risk and is often expressed as a measure of comparative activity – putting defined numbers around the risk acceptability.
The use of risk appetite and tolerance statements in smaller healthcare organisations is low, however an awareness of the thinking processes that underpin your risk decisions is important. These frameworks are currently not a requirement for accreditation purposes.
Examples of risk appetite and tolerances
Risk and Opportunity
As highlighted in the example table above, risk and opportunity are part of the same conversation. We cannot reduce every risk to zero and there are instances where a more aggressive and risk-tolerant approach will drive organisational achievements.
It is a clear awareness of both risk and opportunity that will drive decision-making around whether a strategy is desirable or not.
As always, we can help you with establishing your risk management framework as well as all other areas of practice operations.
Click here to arrange a Zoom chat!